CVE-2025-25068
Published: 21 March 2025
Description
Adversaries may disable or modify multi-factor authentication (MFA) mechanisms to enable persistent access to compromised accounts.
Security Summary
CVE-2025-25068 is a vulnerability in Mattermost versions 10.4.x up to and including 10.4.2, 10.3.x up to and including 10.3.3, 9.11.x up to and including 9.11.8, and 10.5.x up to and including 10.5.0. It stems from a failure to enforce multi-factor authentication (MFA) on plugin endpoints, allowing authenticated attackers to bypass MFA protections through API requests to plugin-specific routes. The issue is mapped to CWE-306 (Missing Authentication for Critical Function) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
Attackers require low-privilege authenticated access (PR:L) and network connectivity (AV:N) to exploit this vulnerability, which demands high attack complexity (AC:H) but no user interaction (UI:N). Exploitation enables bypassing MFA restrictions, potentially leading to high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) by accessing protected plugin functionalities without additional authentication.
Mattermost has published details on this vulnerability in their security updates, available at https://mattermost.com/security-updates, which security practitioners should consult for patch information and mitigation guidance.
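The following is an added illustration, not Mattermost's own code: a hypothetical Go `net/http` layout showing the bug class the summary describes (an MFA gate applied to the core API prefix but never to the plugin prefix) next to the hardened layout that wraps the entire authenticated surface once. The `Session` type, the `/api/v4/` and `/plugins/` prefixes, the handlers and the fact that the session is passed in directly rather than resolved from the request are all constructed assumptions for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Session is a constructed stand-in for a server-side session record.
type Session struct {
	MFARequired bool // policy demands a second factor for this account
	MFAVerified bool // this session has completed the second factor
}

// requireMFA is the gate that must wrap every authenticated route.
func requireMFA(s *Session, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if s.MFARequired && !s.MFAVerified {
			http.Error(w, "mfa required", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}
func ok(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) }

// vulnerableMux mirrors the bug class: /api/v4/ is gated, /plugins/ is not.
func vulnerableMux(s *Session) http.Handler {
	mux := http.NewServeMux()
	mux.Handle("/api/v4/", requireMFA(s, http.HandlerFunc(ok)))
	mux.HandleFunc("/plugins/", ok) // registered outside the gate
	return mux
}

// fixedMux wraps the whole authenticated surface once; plugins inherit the check.
func fixedMux(s *Session) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/api/v4/", ok)
	mux.HandleFunc("/plugins/", ok)
	return requireMFA(s, mux)
}
// status sends a GET for path to h and returns the HTTP status code.
func status(h http.Handler, path string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code
}
func main() { // constructed session: MFA required but not yet verified
	s := &Session{MFARequired: true}
	fmt.Println(status(vulnerableMux(s), "/plugins/x/"), status(fixedMux(s), "/plugins/x/")) // 200 403
}
```

The structural point is that the check is applied at the outermost router rather than opted into per route, so a later-added prefix cannot silently escape it.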
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A vulnerability in the public-facing Mattermost application allows remote, authenticated users to bypass MFA enforcement on plugin API endpoints (CWE-306), which maps directly to the exploit-public-facing-application and MFA-bypass techniques.